Motivated by the vulnerability analysis of web programs which work on string inputs, we present S3, a new symbolic string solver. Our solver employs a new algorithm for a constraint language that is expressive enough for widespread applicability. Specifically, our language covers all the main string operations, such as those in JavaScript. The algorithm first makes use of a symbolic represen-tation so that membership in a set defined by a regular expression can be encoded as string equations. Secondly, there is a constraint-based generation of instances from these symbolic expressions so that the total number of instances can be limited. We evaluate S3 on a well-known set of practical benchmarks, demonstrating both its robustness (more defi...
String analysis is the problem of reasoning about how strings are manipulated by a program. It has n...
Bugs in user input sanitation of software systems often lead to vulnerabilities. Among them many are...
Regular expressions are a classical concept in formal language theory. Regular expressions in progra...
Web applications are pervasive these days. They are becoming the platforms for our daily activities ...
Most common vulnerabilities in modern software applications are due to errors in string manipulatio...
Dynamic Symbolic Execution (DSE) combines concrete and symbolic execution, usually for the purpose o...
Constraint solving is an essential technique for detecting vulnerabilities in programs, since it can...
Verifying string manipulating programs is a crucial problem in computer security. String operations ...
Artículo de publicación ISIWe study the fundamental issue of decidability of satisfiability over str...
We study the fundamental issue of decidability of satisfiability over string logics with concatenati...
The design and implementation of decision procedures for checking path feasibility in string-manipul...
Abstract. We present an automata-based approach for the verification of string operations in PHP pro...
Web applications are exposed to myriad security vulnerabilities related to malicious user string inp...
String constraint solving is an important emerging field, given the ubiquity of strings over differe...
String analysis is the problem of reasoning about how strings are manipulated by a program. It has n...
Bugs in user input sanitation of software systems often lead to vulnerabilities. Among them many are...
Regular expressions are a classical concept in formal language theory. Regular expressions in progra...
Web applications are pervasive these days. They are becoming the platforms for our daily activities ...
Most common vulnerabilities in modern software applications are due to errors in string manipulatio...
Dynamic Symbolic Execution (DSE) combines concrete and symbolic execution, usually for the purpose o...
Constraint solving is an essential technique for detecting vulnerabilities in programs, since it can...
Verifying string manipulating programs is a crucial problem in computer security. String operations ...
Artículo de publicación ISIWe study the fundamental issue of decidability of satisfiability over str...
We study the fundamental issue of decidability of satisfiability over string logics with concatenati...
The design and implementation of decision procedures for checking path feasibility in string-manipul...
Abstract. We present an automata-based approach for the verification of string operations in PHP pro...
Web applications are exposed to myriad security vulnerabilities related to malicious user string inp...
String constraint solving is an important emerging field, given the ubiquity of strings over differe...
String analysis is the problem of reasoning about how strings are manipulated by a program. It has n...
Bugs in user input sanitation of software systems often lead to vulnerabilities. Among them many are...
Regular expressions are a classical concept in formal language theory. Regular expressions in progra...